Minutes - 10 Apr 2024

Data Standards Advisory Committee, Meeting Minutes

Date: Wednesday 10 April 2024
Location: Held remotely via MS Teams
Time: 10:00 to 12:00
Meeting: Committee Meeting No: 61

Download meeting minutes (PDF 1.9MB)

Attendees

  • Andrew Stevens, Data Standards Chair
  • Alysia Abeyratne, NAB
  • Damir Cuca, Basiq
  • Chris Ellis, Finder
  • Melinda Green, Energy Australia
  • Gavin Leon, CBA
  • Peter Leonard, Data Synergies Pty Ltd
  • Colin Mapp, Toyota Finance Australia
  • Drew MacRae, Financial Rights Legal Centre
  • Lisa Schutz, Verifer
  • Aakash Sembey, Origin Energy
  • Richard Shanahan, tictoc
  • Stuart Stoyan, Fintech Advisor & Investor
  • Zipporah Szalay, ANZ
  • Tony Thrassis, Frollo
  • Wen-Ching Un, Wesptac
  • Naomi Gilbert, DSB
  • Elizabeth Arnold, DSB
  • James Bligh, DSB
  • Ruth Boughen, DSB
  • Jarryd Judd,DSB
  • Terri McLachlan, DSB
  • Michael Palmyre, DSB
  • Nathan Sargent, DSB
  • Mark Verstege, DSB
  • Seamus O'Bryne-Inglis, ACCC
  • Marnix Zwankhuizen, ACCC
  • Shane Adams, OAIC
  • Sarah Croxall, OAIC
  • Rita Mohan, OAIC
  • Aidan Storer, Treasury
  • John O'Mahony, Deloitte
  • Adam Clark, CBA
  • Peter Harris, Product Commissioner
  • Ryan Manoo, Basiq
  • Kam Rafiei, Basiq
  • Jill Berry, Adatree
  • Brenton Charnley, Mastercard
  • Prabash Galagedara, Telstra

Chair Introduction

The Data Standards Chair (Chair) opened the meeting and thanked all committee members and observers for attending meeting # 61.

The Chair acknowledged the traditional owners of the various lands from which the committee members joined the meeting.  He acknowledged their stewardship and ongoing leadership in the management of water, land and air and paid respect to their elders, past, present and those emerging.  He joined the meeting from Cammeraygal land.

The Chair thanked the Data Standards Advisory Committee (DSAC) members, given their volunteer status with no payment, their work in the national interest, their commitment, level of input and passion they bring as volunteers was very much appreciated. 

The Chair noted that the Data Standards Body (DSB) released version 1.29.1 of the standards, concluded Maintenance Iteration # 18 and updated a number of repositories and tools to align with the latest version of the standards since the last meeting. 

The Chair noted that the CX Team focused on further work to support the Consent Review, releasing CX Guidelines for the July 2023 Rules, DP333, and DP334, CX research for the account origination experiment, and conducting activities to support CDR implementation and maintenance.

The Chair welcomed John O’Mahony - Partner at Deloitte Access Economics, Adam Clark - Executive General Manager Digital Economy at CBA and Peter Harris – former Chair of the Productivity Commission.  They joined the meeting to discuss the recently published report by Deloitte on the Consumer Data Revolution – Empowering Australia’s Future. 

The Chair noted that Jill Berry (Adatree), Brenton Charnley (Mastercard) and Prabash Galagedara (Telstra) were apologies for this meeting.

Minutes

Minutes

The Chair thanked the DSAC Members for their comments on the Minutes from the 13 March 2024 meeting. The Minutes were formally accepted.   

Action Items

The Chair noted that the Action Items were either completed or addressed at the meeting. 

The Chair noted that he had extended an invite to the Australian Banking Association (ABA) to attend a meeting, but they had declined the offer and are working with the DSB. 

Presentation by Deloitte

John O’Mahony from Deloitte Access Economics presented on the recently published report on the Consumer Data Revolution – Empowering Australia’s Future which was developed with the support of the Commonwealth Bank of Australia. 

Deloitte noted that the CDR objectives include the following:

  • Putting the consumer in control of their data;
  • Fuelling competition and productivity in the economy; and
  • Setting the standards for consent and privacy. 

They noted that their report outlined that some issues encountered as being:

  • Consumer uptake for CDR solutions remains low;
  • Industry has not had the ability to rise to the completion and innovation challenge; and
  • CDR’s focus on data fidelity and depth has trade-offs against implementation speed. 

They outlined that they had undertaken research to analyse data across the Australian economy to understand both where consumer data is captured, and the unique consumer insights that data types provide can help guide future CDR rollout to increase consumer benefits more consciously. 

They noted that the proportion of total consumer data in Australia includes 4% in banking & utilities: 9% in retail; 5% in personal & consumer services departure; and 59% in software & information services.

Starting with an OECD taxonomy of data, they stated that they had looked at 46 different types of data across 6 different sub areas to see which areas of the economy hold the most types of data.  They noted that results showed that Government held the most important information at 33. 

They outlined that the work looked at the opportunities to overcome barriers to consumer and business participation. They proposed that as the CDR expands, there should be a shift from sectoral designation to what services can be offered around ‘life stages’, that is, consumer problems rather than business sectors.  This would require a change in the structure to be more focused on the consumer rather than business to business.

They outlined that they had analysed economic impact to explore the macroeconomic benefits of the CDR through two lenses: the ‘competition impact’ to get a better deal using consumer data; and the ‘innovation impact’ for cross-sectoral data to support new services offered.  Based on potential uptake, they expected value from business innovation and productivity of $13 billion net gain to real GDP by 2043 and noted their findings on competition impact expecting to stimulate an additional $3.7 billion. 

Deloitte recommended that government needed to lead the way, incentivise consumers and make room for innovation. 

Adam Clark, Executive General Manger of Digital Economy at the CBA, noted that CBA supported Deloitte in preparing the report. He noted 3 key reflections, that:

  1. CDR can unlock productivity;
  2. What the pain points we should be solving for consumers should be clear; and
  3. Data is the fuel of the CDR. They noted that the CDR needs to unlock particular data (government and big data pools) in the economy and that would drive innovation, using CDR as not only a productivity driver but enhancing the lives of all Australians. 

The Chair asked if they could see the potential scope of services and how organisations and enterprises see themselves taking advantage of the opportunities. 

Deloitte noted that whilst relationship interactions were traditionally built on face-to-face interactions, customers are now more effectively seen through their data.  They noted that with the change in those interactions now being through data, coupled with the evolving banking landscape which is expanding, and with more non-bank institutions coming in, there is a need to respond through providing unique propositions for each customer depending on their needs.  However, they noted that it is difficult to envisage how we use the data sets across the economy when they are not available.  Deloitte noted that from a policy perspective, having a medium to long term plan around what data sets will be captured is critical to allowing banks, fintech’s and others to start planning how they’re going to use that data, innovate and start investing.  

One member noted the headline statistic of the report showed most data sits outside of banking, and in big tech (59%).  They noted however, that this misses the point in terms of value of that data as opposed to quantity and that core data points which provide high value utility lie instead in government verification or name identity, address, banking transaction data or utility consumption data.

Deloitte noted that they assessed data with three lenses: i) volume to start the conversation; ii) types of data; and iii) trusted or primary sources of the data. However, value gets more complicated when it comes to who’s using it and what can be monetised for the value of consumers for the businesses.  Their analysis looked at a fourth lens in its economic modelling to assess the different rates of value that could be generated by different businesses based on industry experience of monetising data, noting though that the rates of return were based only on existing value to date. 

The member asked whether they looked at it from a consumer value perspective as that would be the ultimate lens, for example assessing total value to consumers of shifting a mortgage market worth $100 million by 1%. 

The Chair noted that the member’s comments provided scope for a potential second report from Deloitte in relation to the value of datasets.

One member noted that one lens that was missing was privacy and looking at the sensitivity of the data for e.g., government and health data.  They noted that there may be value in monetising it, but consumers are very wary about the use of this data, particularly in an area where they don’t have confidence.  They noted many businesses are saying what consumers want, but queried whether Deloitte had spoken to consumer reps, and whether they looked at it from a privacy angle. 

Deloitte noted that getting the balance right and having a sensitive perspective on data privacy and consumer willingness to share data is important. They noted that the CDR is a better platform to share data between businesses than what most businesses and consumers are doing currently and suggested that the first stage was for government to improve sharing of data within government.  They also don’t want to come across as disrespectful of consumers anxiety about sharing data in different areas, but they do believe that the CDR can be a platform for trying to achieve higher consumer trust in the future. 

Adam Clark noted that privacy is very important from a CBA perspective and reemphasised the recommendations that Deloitte made on speaking to consumers. He noted that further work needs to be done to talk to consumers about life stages and understanding whether they’d be willing to share data through CDR.

The Chair noted that in performing his role as the Data Standards Chair, and as sensitivity of data goes up, so too does the importance of consent, potentially exponentially as you combine datasets. He also noted that work on life stages and what data is required is needed before the point of making rules and standards.  He noted that the DSB has looked at the issue of data sensitivity working with PwC and noted the difficulty of adding sensitivity implications into standards that should have been determined at point of designation and rulemaking.  The Chair noted that a data sensitivity framework needs to be progressed, which has been recommended previously.

A DSB representative supports the report, but noted simultaneous feedback from the ABA that the CDR isn’t of value, the costs are too high, and we need to slow everything down.  They queried views on how we should balance out continuous competing messages.

Adam Clark noted that the CBA were in conversation with the ABA and Deloitte were also presenting to them that week.  They stated that there will be alignment between the Deloitte report and where the ABA is headed with its advice, noting that the ABA’s report will likely focus more on the past.

One member noted that it was an excellent report to reinvigorate some of the discussion around the CDR.  From a privacy lens, they noted that we needed to look at the counterfactual and look at other methodologies for sharing data in the economy like screen scaping or opacity of data broker market.  This is a way to focus the attention on the different regulatory issues looking at data and privacy.  They stated that we have a great starting point with the CDR and it incumbent on us as privacy people to explain and communicate the benefits of the CDR, those restrictions around use and how we can use it as a better means for individuals to get benefit from their own data.

One member noted from an implementation lens, the implementation problem lies in standardising banking or other types of data that has never been standardised.  They noted that ACCC are doing conformance testing to ensure access to data is available and accessed in a standardised way, but that was never done with PRD data despite it coming in 12 months in advance of other obligations. They queried how do we get ahead of the standardisation problem of attempting to collate data in a standardised form when there wasn’t a standard available for testing.

The Chair noted that Decision Proposal 338 was largely about data standardisation and high value home loan data and credit card data. He noted the significance of this implementation consideration and difficulty of the issue, noting that he had spoken previously to ABA about standardisation, but they were unable to do it because of those variations.

Peter Harris noted when they designed the CDR originally, one of their greatest opponents was the UNSW Privacy Centre as they saw this as being terribly problematic.  They noted, however that UNSW had recently published a report saying how pleased they were with how the CDR turned out because it is a better defensive mechanism for managing your data than what exists today in standards data techniques, signalling an area of success in one of the greatest critics becoming a supporter of the CDR. 

They also noted that the UK government had given fintech’s a couple million pounds to develop ideas for what to do with open data.  They expressed concern with the Australian Government and the Minister not offering a mechanism by which you could build your super app or connectivity and picking  half a dozen willing participants to build ideas in a particular area of government priority.

The Chair thanked John O’Mahony, Adam Clark & Peter Harris for attending the meeting.  He suggested that there would be value in a second report, possibly from a data recipient point of view rather than a data holder, given some of the difficulty to justify how obligations generate benefit.

It was agreed to provide a copy of the slide deck with the minutes. 

Working Group Update

A summary of the Working Groups was provided in the DSAC Papers and taken as read.

Technical Working Group Update

A further update was provided on the Technical Working Group by Mark Verstege: 

The DSB noted that version 1.29.1 was released at the end of February as a small patch release to correct some minor fixes resulting from Maintenance Iteration # 17.  Maintenance Iteration # 18 had concluded and the team was preparing a decision to take to DSAC and the Chair which would be incorporated into a version 1.30 release.

The DSB held a risk focused workshop for energy data holders (DHs) on 19 March regarding the last customer change date (LCCD).  This change, initiated by AEMO, was to support the CDR to provide a way for retailers to indicate to AEMO when a customer change had occurred at a premises to ensure that only that resident’s customer data is returned for CDR data requests.  A noting paper was being prepared which would be published this month, followed by a Decision Proposal with the proposals for incorporation into the CDR standards.

The DSB noted that the Non-Functional Requirements Consultative Group (NFR CG) work had continued with forecasting scenario modelling. At the last meeting they discussed catering for large batch data request loads, particularly in challenges with energy dealing with large amounts of data for many energy accounts.  Large data volume is an emerging theme for the NFR CG, focusing on how they can ensure they’re appropriately ready for large influxes to the CDR and making sure they have the right solutions from a forecasting perspective.  The next meeting was scheduled for 24 April.

The DSB noted that for DP338, they were preparing a virtual community workshop for the end of the month with registrations being sent out by the end of this week.  They would recap on changes that were previously proposed to understand how they should consider those based on consumer value and implementation complexity. 

The DSB noted that for the Information Security Consultative Group (InfoSec CG) they had finalised membership, and they would be holding the first meeting on 24 April.  Membership covers a good mix of DHs and ADRs but also industry experts and includes CBA, NAB, ANZ, ConnectID, OpenID Foundation, Mastercard, Basiq, Frollo, Skript, WeMoney, Biza and RSM Australia.

One member queried what audience would be best placed to attend the DP338 workshop.

The DSB noted that they would include this in the registration information, but it would be useful for people with a product lens that can speak to the implementation cost and complexity, potentially that may include architects but also engineers.

One member asked in terms of DP338 and the Standards Assessment Framework, what the timing and approach to applying that value assessment framework to 338 would be. 

The DSB noted that they have been trialling the Standards Assessment Framework internally across open and past consultations.  Given the timing, they noted the intent to incorporate aspects of it but noting the workshops would be held afterwards. They noted that there is further work required before there is a stabilised framework to apply to future consultations, but they would be incorporating parts of it into the approach to further assessing 338 proposals.

The Chair noted that the plans to hold the Standards Assessment Workshops have been disrupted by school holidays and pushed back, but that there would be interaction between the development of the Standards Assessment Framework and progress on 338. 

Elizabeth Arnold from the DSB provided an update on next steps to develop the Standards Assessment Framework. She noted that the DSB had created a placeholder for Noting Paper 346 – Standards Assessment Framework and plans to hold two workshops in May to refine the draft concept, which has been undergoing internal testing to date.  She also acknowledged that the recent Noting Paper 345 describes the DSB’s business processes, capability, consultation processes and operating model, which they would welcome feedback on and would be updated in future, following the finalisation of the Standards Assessment Framework. 

Simple Account Experiment Update

James Bligh provided an update on the Simple Account Experiment and the Draft Reporting findings. 

The DSB noted that the purpose of providing a draft report to the DSAC was because the experiment was initiated by the DSAC. 

The DSB noted the report has been circulated with the caveat that it is a draft and the experiment participants have not yet signed off or approved the content.

The DSB noted the following insights:

  • Experimentation itself was highly valuable
  • The need to leverage what’s already there.  Participants concluded that when you have an existing industry standard you shouldn’t reinvent the wheel or redefine what industry has already developed, but that there was still a role for the DSB.
  • There is potential for the DSB working together with other standards bodies, in this case LIXI, and potential role in supporting standards to become normative and possibly mandated by government in future.
  • Purpose based consents - purpose statements are beneficial in a generic sense but when collecting data for only one use, they are a lot of overhead that could be condensed.  Having explicit and implicit aspects of consent remain, but not as complex, would be simpler for the consumer.
    • However, in a mandated context where you must implement purpose-based consent, this may become costly permeations in a data holder having to implement all of them.
  • Voluntary adoption is a strong potential path for doing something that services both the interests of business and consumer at once, where there is a likelihood that some market participants would implement this with no need for designation. For example, account origination brings customers in, enables banks to send applications, and equally supports what customers who want the products.  The voluntary nature is something to lean into given the feedback they’ve received.
    • However, a key barrier highlighted was that the current regulatory regime is very geared toward designation, compulsion and regulation. Voluntary adoption is feasible in that the extensibility model in the standards works, and technical mechanisms are there; but the ability to encourage and allow for voluntary adoption alongside the compelled regime is critical. 

The DSB noted that the voluntary participation from the private sector in the experiment was awesome and thanked everyone. James Bligh also thanked Michael Palmyre and the CX Team for their work and Terri McLachlan who project managed the experiment.

Michael Palmyre from the DSB noted that for the experiment they focussed on the CX research and artefacts, noting additional insights: 

CX research provided additional consumer as well as CDR participant input, demonstrating appetite for this use case to be further enabled by CDR by being easier than existing processes. It further provided preliminary insights into how experimental research can test those ideas.

Some of these activities can be done right now using current voluntary standards and outputs. Additionally, some activities are also supported from the existing framework as it stands. For example, under Rule 7.2 where accredited data recipients (ADRs) who are also authorised deposit-taking institutions (ADIs) can become data holders (DHs) of CDR data. There is an aversion to DHs becoming ADRs because of the ADR obligations and a lack of awareness around this rule – but it is possible right now provided you’re an ADI. 

The DSB noted the final report would also include barriers and areas for improvement, opportunities, and other outputs that would be provided, in addition to voluntary standards, such as developing use case blueprints to show how a use case can be facilitated, and share knowledge of running this experiment.  For example, DSB noted that for authentication drop-offs there were clear consistent themes and experiment outputs could be utilised to provide a blueprint of how to show insights.

The DSB noted that there wasn’t a consistent way within the CDR to have an open space to test ideas but noted that this exercise had been very valuable, and they have received suggestions for other experiments to pursue such as single touch payroll.

The Chair noted that there’s been a lot of discussion and thought about action initiation, but nobody had looked at this level of granularity.  He noted that it had been helpful to participants to see what it is and what it isn’t.

One member expressed support for a continued use case centred approach to the CDR. They also queried if there were any insights from the experiment on data minimisation and whether the experiment incorporated a Privacy Impact Assessment (PIA) assessment type of approach to understand the risks and whether they were mitigated.

The DSB noted that no PIA was done, as the scope of the experiment was to look at a particular use case which was very bounded.  They noted that in going through the process, however, the implications for exiting regulatory frameworks and obligations, and the need for security were well represented and continually discussed. They noted that the experiment was framed as a new to bank customer, who would be required to go to a broker or fill out an application form or walk into branch. They stated that the experiment was providing for a process of facilitating that with data they’ve got and staying in line with existing PIA restrictions.  They noted that if it progressed to the point of voluntary usage, there’d be no PIA concept as there’d be no government engagement, but the participants would have their own risk analysis.

The DSB also noted that there were useful insights on minimisation, in that through PRD end points, a bank would communicate exactly what they needed for an application. They noted the advantage being that this is a public statement about what data is not needed, with the implication being that someone building a system wouldn’t collect additional information that they don’t need.

The DSB noted two banks were involved along with Frollo and LIXI and they observed that the banks collected a broad set of data that was highly different. They noted that if there were growing standardisation, it would pare this difference back.

One member noted that it was great to see LIXI involved and the discussion around purpose-based consents. They queried whether negating the need to (re)declare financial data was considered; and asked whether the experiment touched on any of the derived data challenges.

The DSB noted that the previous point on rule 7.2 related to derived data, and the changing obligations where data is disclosed to a lender who is an ADR but can hold the data as a DH. They noted that the experiment demonstrated there was an avenue where there were fewer restriction on data disclosed to that DH or the ADR, who is also a DH and an ADI.

The DSB noted that the point of redeclaring financial position was being explored in the context of minimising the data exposed to the lender. There is an opportunity for the ADRs to do some of that work and disclose insights to the lender, however it was clear that some banks won’t accept that and will want to analyse the raw data themselves. They noted insights regarding factors of lenders wanting to look at data themselves as they don’t trust it.

One member noted this gets to the agency issues around one institution relying on another institutions’ data and issues of liability.  They noted risks where some providers or platforms are seen as ‘trusted platforms’ as opposed to everyone trusting everyone and having a complete data exchange.

They also noted that opening up big tech data could be great if you’re a bank but terrifying from a consumer perspective.  They flagged that under responsible lending laws, it is assumed a lender reviews, and therefore ingests and processes, all data received which requires substantial resourcing to do. They noted the natural barrier in having to ingest and process data beyond institutions just having an ability to access data.

The DSB noted that one of the findings in the report was that CDR needs to consider existing standards, regulation, controls and the broader ecosystem when considering use cases, and consider how the CDR facilitates a need that is already there. 

The DSB reiterated that the draft report that had been circulated had not been endorsed by the participants of the experiment and the final version would include contributions from participants before being published. 

The DSB noted that they would also be pursing the need for a ‘voluntary’ category of standard, which would not be regulated, but would be stable and managed. 

Consumer Experience (CX) Working Group Update

No further update was provided. 

Stakeholder Engagement

A summary of stakeholder engagement including upcoming workshops, weekly meetings and the maintenance iteration cycle was provided in the DSAC Papers, which were taken as read. 

Issues Raised by Members

Success metrics discussion

The Chair noted that they would hold over the success metrics item to the next meeting as the member was an apology for this meeting. 

Presentation on Screen scraping vs CDR

Ryan Manoo from Basiq presented Basiq’s findings on CDR vs Screen Scraping (SS) and testing reliability. 

Basiq noted that the objective was to measure the % of consumers who drop off when asked to provide their banking login and password. They noted that wanted to challenge the industry perception that more consumers drop off through CDR compared to scraping.

Basiq noted that they had measured the flows from starting point when an individual shared credentials in screen scraping (SS) to the end point of achieving successful connection.

Basiq noted a number of reasons as to why consumers drop off: 

  • Consumers don’t want to share bank details (SS)
  • Consumers can’t remember bank details (SS & CDR)
  • Bank implements ant-scraping measures (SS)
  • Scraping outage (SS & very rare in CDR)
  • Poor banking consent flow (CDR)

Basiq stated that they had looked at 250,000 consumers over a period of 90 days, which included all Basiq customers, across a variety of use cases and differing desires of customers to connect to bank accounts. They noted that they found:

  • 96% success rate in connecting bank account for CDR vs 73% for SS. Other data showed 50-70% a success rate with SS depending on use case.
  • 31% more success in bank account connections in CDR and a 6.75 times higher drop off rate in SS.
  • Post connection, an additional 15% of consumers connected via SS then dropped off which is due to the SS flow being disrupted. So, your 73% of connected users over time drops off to about 62%, whereas with the open banking experience, there is virtually no disruption as the data feed is authorised directly with the bank.
  • Disruption reasons include consumers changing credentials, banks changing their UI or API and banks introducing ani-scraping measures.
  • CDR data retrieval is 5x faster and CDR allows on-demand refresh of data while most SS providers refresh once a day.
  • On data quality, there are many more available fields in CDR (118, with 26 mandatory) compared to 9 fields in SS.  Whilst in CDR you can’t retrieve the additional account owner details on joint accounts due to consent, overall, the information able to be retrieved through the CDR is far higher.

One member noted that CDR data is not perfect. Data in the qualified format of the CDR Schema is considered ‘valid’ data, with 93-100% lying within the qualified format range.  However, the data could be inaccurately represented and thus, junk in the right format.  For example, nearly 100% of Bank A’s transaction data was in the correctly qualified format, yet 99% was classified as “other” which is not helpful if we want to enrich the data.

They noted that next steps include leveraging information; tracking & sharing data quality of specific banks and providing support to their DH team to reflect on issues; and marketing to try to change the CDR’s negative publicity and narrative through an evidence-based campaign strategy. 

Basiq noted other things that would help would include:

  • research on consumer drop off within the bank's consent flow;
  • conscious effort to respond to negative CDR publicity;
  • government and DH consumer campaigns; and
  • continuous improvement on data quality. 

One member asked if Basiq had an example of good quality transactional data compared to the Bank A (99%) example and whether they were planning to release this research as it was a useful insight.

Basiq noted that they spent a lot of time putting the data together and it is like for like.  They noted that whichever angle they looked at it, the stats were consistent; that they were aware of the poor state of banking data; and the reason they have highlighted that transaction type was to demonstrate that only one bank need trip up for issues to occur.  They flagged a challenge in that a user of their platform is agnostic to the bank they use but can then not access the service the platform is attempting to provide.

One member noted one example in credit card accounts, the data of which would comprise 80% as payments. Based on that account type, the banks gave a good split between ‘other transaction types’ and ‘others’ were rarely used, whereas Bank A was presenting 99% of data as ‘other’. 

One member asked about the number of consumers (250,000) and the ratio of those using SS vs CDR.  They noted that within their own company, if the CDR is available, they use it, and they only use SS for super accounts.  They also queried what would happen to SS when banks introduce MFA in logins.

Basiq noted that out of the 250,000 consumers, 130,000 were SS and 120,000 were CDR which was a relatively even split.  With regard to adapting to the introduction of MFA, they stated that whenever MFA is introduced by banks for SS, they must go through a process that allows for when the user is present for it to work.  Basiq and the member both noted this deficit of SS and the impossibility of ongoing retrieval of data.   

Treasury Update

No update was provided at this month’s meeting. 

ACCC Update

Marnix Zwankhuizen, Director - Technology Operations, of the Consumer Data Right Division at the Australian Competition and Consumer Commission (ACCC) provided an update as follows:

ACCC noted that in terms of the outstanding action items, they:

  • Had provided an update to the member around consent drops offs out of session.  They encouraged members to reach out to the compliance team at ACCC if they had any further questions around consent drop offs;
  • Had confirmed that they provide operational performance data to the DSB, and they are continuing to work together to ensure the value of the data can be extracted; and
  • We’re working on a time to present the March 2023 Interim Report to the DSAC.

ACCC provided a general update as follows, noting that they had: 

  • Issued correspondence to DHs in relation to the new targeted compliance review which will focus on product reference data (PRD) data quality;
  • Completed their analysis of the biannual Rule 9.4 reports.  262 reports have been received as of 29 February; 
  • Published revised guidance for DHs on how to assess whether product is in scope for CDR. The revisions reflect changes made to the CDR Rules back in 2023;
  • Responded to 5 participants enquires last month by the guidance team; and
  • Implemented a number of changes including retiring hybrid flow from the sandbox PT solution to align with the data standards and introduced some field validation into the participant portal to capture correct values and reduce errors.   

Meeting Schedule

The Chair advised that the next meeting would be held remotely on Wednesday 8 May 2024 from 10am to 12pm. 

Other Business

No other business was raised.

Closing and Next Steps

The Chair noted that the Consumer Data Revolution – Empowering Australia’s Future presentation and discussion from Deloitte was tremendous.  He also thanked Basiq for their excellent presentation on screen scraping vs CDR. 

The Chair thanked the DSAC Members and Observers for attending the meeting. 

Meeting closed at 12:05